Hi Andrew, > > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger any > issue: > > Reported-and-tested-by: > syzbot+f1d7fb4f94764243d23e@xxxxxxxxxxxxxxxxxxxxxxxxx > > Tested on: > > commit: 581a87b1 fixup! mm/gup: introduce memfd_pin_folios() f.. > git tree: https://gitlab.freedesktop.org/Vivek/drm-tip.git > syzbot_fix_remove_inode How do you prefer to take the following short fix for this issue? commit 581a87b19b3739da8c10750b499c55062ea54bf4 Author: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx> Date: Mon Jul 8 23:04:48 2024 -0700 fixup! mm/gup: introduce memfd_pin_folios() for pinning memfd folios Return -EINVAL if the end offset is greater than the size of memfd. Signed-off-by: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx> diff --git a/mm/gup.c b/mm/gup.c index 43f6d2f689d2..54d0dc3831fb 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -3630,6 +3630,9 @@ long memfd_pin_folios(struct file *memfd, loff_t start, loff_t end, if (!shmem_file(memfd) && !is_file_hugepages(memfd)) return -EINVAL; + if (end >= i_size_read(file_inode(memfd))) + return -EINVAL; + if (is_file_hugepages(memfd)) { h = hstate_file(memfd); Thanks, Vivek > console output: https://syzkaller.appspot.com/x/log.txt?x=145a8535980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=409b5fcdf33b7555 > dashboard link: > https://syzkaller.appspot.com/bug?extid=f1d7fb4f94764243d23e > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) > 2.40 > > Note: no patches were applied. > Note: testing is done by a robot and is best-effort only.
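Review bot: the new check in memfd_pin_folios(), `if (end >= i_size_read(file_inode(memfd)))`, rejects an end offset equal to the file size, while the commit message says -EINVAL is returned when the end offset is "greater than" the size of the memfd. If `end` is an inclusive offset, `>=` is the right comparison and the commit message should say "greater than or equal to". A one-line comment above the check stating that `end` is inclusive would also keep the boundary from being "fixed" to `>` later. If `end` is exclusive, the comparison is off by one and a pin ending exactly at the size is refused. The function's kerneldoc should list this new -EINVAL case next to the existing one for files that are neither shmem nor hugetlbfs. Separately, the size is sampled once here and nothing in the hunk keeps it stable afterwards, so it is worth stating in the comment or changelog whether a concurrent truncate after this check is handled further down.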